Abstract

This document defines new Modular Exponential (MODP) Groups for the
Internet Key Exchange (IKE) protocol. It documents the well known
and used 1536 bit group 5, and also defines new 2048, 3072, 4096,
6144, and 8192 bit Diffie-Hellman groups numbered starting at 14.
The selection of the primes for these groups follows the criteria
established by Richard Schroeppel.

1. Introduction

One of the important protocol parameters negotiated by Internet Key
Exchange (IKE) [RFC-2409] is the Diffie-Hellman "group" that will be
used for certain cryptographic operations. IKE currently defines 4
groups. These groups are approximately as strong as a symmetric key
of 70-80 bits.


The new Advanced Encryption Standard (AES) cipher [AES], which has
more strength, needs stronger groups. For the 128-bit AES we need
about a 3200-bit group [Orman01]. The 192 and 256-bit keys would
need groups that are about 8000 and 15400 bits respectively. Another
source [RSA13] [Rousseau00] estimates that the security equivalent
key size for the 192-bit symmetric cipher is 2500 bits instead of
8000 bits, and the equivalent key size for the 256-bit symmetric
cipher is 4200 bits instead of 15400 bits.


Because of this disagreement, we just specify different groups
without specifying which group should be used with 128, 192 or
256-bit AES. Because groups bigger than 8192 bits are too slow for
practical use on current hardware, this document does not provide
any groups bigger than 8192 bits.


The exponent size used in the Diffie-Hellman must be selected so that 
it matches other parts of the system. It should not be the weakest 
link in the security system. It should have double the entropy of 
the strength of the entire system, i.e., if you use a group whose 
strength is 128 bits, you must use more than 256 bits of randomness 
in the exponent used in the Diffie-Hellman calculation. 
2. 1536-bit MODP Group

The 1536 bit MODP group has been used by implementations for
quite a long time, but was not defined in RFC 2409 (IKE).
Implementations have been using group 5 to designate this group; we
standardize that practice here.

The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }


Its hexadecimal value is: 


The generator is: 2. 
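
The prime construction above can be checked mechanically. The following Python sketch is an added example, not part of the RFC text: it rebuilds a prime from the formula, reading [x] as the integer part of x and computing pi with Machin's formula in integer arithmetic, then tests that both p and (p-1)/2 pass Miller-Rabin. The function names are hypothetical; 741804 is the group 5 constant given above and 124476 is the group 14 constant given in section 3.

```python
import random

def pi_floor(k, guard=64):
    """Integer part of 2**k * pi, using Machin's formula on scaled integers."""
    one = 1 << (k + guard)          # fixed-point 1.0 with extra guard bits
    def arctan_inv(x):              # arctan(1/x) * one, alternating series
        term = total = one // x
        n, sign = 1, 1
        while term:
            term //= x * x
            n, sign = n + 2, -sign
            total += sign * (term // n)
        return total
    return (16 * arctan_inv(5) - 4 * arctan_inv(239)) >> guard

def modp_prime(bits, c):
    """2^bits - 2^(bits-64) - 1 + 2^64 * ( [2^(bits-130) pi] + c )"""
    return ((1 << bits) - (1 << (bits - 64)) - 1
            + (1 << 64) * (pi_floor(bits - 130) + c))

def probably_prime(n, rounds=8):
    """Miller-Rabin with a fixed seed so runs are repeatable."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    rng = random.Random(3526)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # witness found: n is composite
    return True

def check_group(bits, c):
    """Structural and primality checks for one group's prime."""
    p, ones = modp_prime(bits, c), (1 << 64) - 1
    return {"bit_length": p.bit_length(),
            "top_64_ones": p >> (bits - 64) == ones,
            "low_64_ones": p & ones == ones,
            "p_prime": probably_prime(p),
            "safe_prime": probably_prime((p - 1) // 2)}
```

Calling `check_group(1536, 741804)` or `check_group(2048, 124476)` returns a dictionary in which every check should hold; a mistyped constant or a prime damaged in transcription shows up as a failed primality check.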

3. 2048-bit MODP Group

This group is assigned id 14.

This prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }


Its hexadecimal value is: 


The generator is: 2. 




RFC 3526 


MODP Diffie-Hellman groups for IKE 


4. 3072-bit MODP Group 


This group is assigned id 15. 


This prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi]

Its hexadecimal value is:

The generator is: 2.

5. 4096-bit MODP Group

This group is assigned id 16.

This prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi]

Its hexadecimal value is:

The generator is: 2.

6. 6144-bit MODP Group

This group is assigned id 17.

This prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }

Its hexadecimal value is:

The generator is: 2.

7. 8192-bit MODP Group

This group is assigned id 18.

This prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi]

Its hexadecimal value is:

The generator is: 2.

8. Security Considerations


This document describes new stronger groups to be used in IKE. The
strengths of the groups defined here are always estimates and there
are as many methods to estimate them as there are cryptographers.
For the strength estimates below we took both ends of the scale,
so the actual strength estimate is likely between the two numbers
given here.


+--------+----------+---------------------+---------------------+
| Group  | Modulus  | Strength Estimate 1 | Strength Estimate 2 |
|        |          +----------+----------+----------+----------+
|        |          |          | exponent |          | exponent |
|        |          | in bits  | size     | in bits  | size     |
+--------+----------+----------+----------+----------+----------+
|   5    | 1536-bit |       90 |     180- |      120 |     240- |
|  14    | 2048-bit |      110 |     220- |      160 |     320- |
|  15    | 3072-bit |      130 |     260- |      210 |     420- |
|  16    | 4096-bit |      150 |     300- |      240 |     480- |
|  17    | 6144-bit |      170 |     340- |      270 |     540- |
|  18    | 8192-bit |      190 |     380- |      310 |     620- |
+--------+----------+---------------------+---------------------+


9. IANA Considerations

IKE [RFC-2409] defines 4 Diffie-Hellman Groups, numbered 1 through 4.


This document defines a new group 5, and new groups from 14 to 18. 
Requests for additional assignment are via "IETF Consensus" as 
defined in RFC 2434 [RFC-2434]. Specifically, new groups are 
expected to be documented in a Standards Track RFC. 

13. Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.


This document and translations of it may be copied and furnished to 
others, and derivative works that comment on or otherwise explain it 
or assist in its implementation may be prepared, copied, published 
and distributed, in whole or in part, without restriction of any 
kind, provided that the above copyright notice and this paragraph are 
included on all such copies and derivative works. However, this 
document itself may not be modified in any way, such as by removing 
the copyright notice or references to the Internet Society or other 
Internet organizations, except as needed for the purpose of 
developing Internet standards in which case the procedures for 
copyrights defined in the Internet Standards process must be 
followed, or as required to translate it into languages other than 
English. 


The limited permissions granted above are perpetual and will not be 
revoked by the Internet Society or its successors or assigns. 


This document and the information contained herein is provided on an 
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 